I didn't try it but throwing UnsupportedOperationException in
doGetAuthorizationInfo() looks suspicious to me, especially given that
you are explicitly using role/url-based permissions. You should add
the roles in doGetAuthorizationInfo() - you could simply return a
static SimpleAccountInfo with the right roles and see if it makes a
difference. I'm not convinced that creating SimpleAccount in
doGetAuthenticationInfo() only would or should work.

Kalle


On Mon, Aug 2, 2010 at 1:03 PM, Les Hazlewood <[email protected]> wrote:
> Hi Suhail,
>
> Your config looks pretty good, but as of Shiro 1.0, there is no need
> for a [filters] section anymore - all object/DI config should be in
> [main].
>
> Is there a test case or trivial test webapp you could attach to a Jira
> issue that replicates the problem?  If so, I can look at it right away
> - I just don't have the time at the moment to write the test case
> myself.
>
> Regards,
>
> Les
>
> On Sun, Aug 1, 2010 at 4:32 AM, Suhail Ahmed <[email protected]> wrote:
>> Thanks for jumping in Armando.
>> My web.xml looks like the following, followed by my realm. The login page is
>> the same that shipped with the example. I am running it under glassfish 3,
>> compliant with the j2ee 6 spec. The realm does get invoked but then it
>> doesn't load the resource under /account/* but just redisplays the same
>> login page.
>>
>> <?xml version="1.0" encoding="UTF-8"?>
>> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
>> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
>>     <context-param>
>>         <param-name>javax.faces.PROJECT_STAGE</param-name>
>>         <param-value>Development</param-value>
>>     </context-param>
>>     <filter>
>>         <filter-name>ShiroFilter</filter-name>
>>         <filter-class>org.apache.shiro.web.servlet.IniShiroFilter</filter-class>
>>         <init-param>
>>             <param-name>config</param-name>
>>             <param-value>
>>                 [main]
>>                 matcher = org.apache.shiro.authc.credential.Sha256CredentialsMatcher
>>                 mmer = prototype.security.shiro.realm.TreeRealm
>>                 mmer.credentialsMatcher = $matcher
>>                 [users]
>>                 [roles]
>>                 [filters]
>>                 shiro.loginUrl = /login.xhtml
>>                 shiro.successUrl  = /home.xhtml
>>                 [urls]
>>                 # The /login.xhtml is not restricted to authenticated users (otherwise no one could log in!), but
>>                 # the 'authc' filter must still be specified for it so it can process that url's
>>                 # login submissions. It is 'smart' enough to allow those requests through as specified by the
>>                 # shiro.loginUrl above.
>>                 /login.xhtml = authc
>>                 /account/** = authc, roles[admin]
>>                 /remoting/** = authc, roles[b2bClient], perms["remote:invoke:lan,wan"]
>>             </param-value>
>>         </init-param>
>>     </filter>
>>     <filter-mapping>
>>         <filter-name>ShiroFilter</filter-name>
>>         <url-pattern>/*</url-pattern>
>>     </filter-mapping>
>>     <filter>
>>         <filter-name>Pretty Filter</filter-name>
>>         <filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
>>     </filter>
>>     <filter-mapping>
>>         <filter-name>Pretty Filter</filter-name>
>>         <url-pattern>/u/*</url-pattern>
>>         <dispatcher>REQUEST</dispatcher>
>>         <dispatcher>FORWARD</dispatcher>
>>         <dispatcher>ERROR</dispatcher>
>>     </filter-mapping>
>>     <servlet>
>>         <servlet-name>Resource Servlet</servlet-name>
>>         <servlet-class>org.primefaces.resource.ResourceServlet</servlet-class>
>>     </servlet>
>>     <servlet>
>>         <servlet-name>Faces Servlet</servlet-name>
>>         <servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
>>         <load-on-startup>1</load-on-startup>
>>     </servlet>
>>     <servlet-mapping>
>>         <servlet-name>Faces Servlet</servlet-name>
>>         <url-pattern>/u/*</url-pattern>
>>     </servlet-mapping>
>>     <servlet-mapping>
>>         <servlet-name>Resource Servlet</servlet-name>
>>         <url-pattern>/primefaces_resource/*</url-pattern>
>>     </servlet-mapping>
>>     <persistence-context-ref>
>>         <persistence-context-ref-name>persistence/LogicalName</persistence-context-ref-name>
>>         <persistence-unit-name>opensocial</persistence-unit-name>
>>     </persistence-context-ref>
>>     <resource-ref>
>>         <res-ref-name>UserTransaction</res-ref-name>
>>         <res-type>javax.transaction.UserTransaction</res-type>
>>         <res-auth>Container</res-auth>
>>     </resource-ref>
>>     <session-config>
>>         <session-timeout>
>>             30
>>         </session-timeout>
>>     </session-config>
>>     <welcome-file-list>
>>         <welcome-file>index.xhtml</welcome-file>
>>     </welcome-file-list>
>> </web-app>
>> <<----------------- TreeRealm.java -------------------->>
>> package prototype.security.shiro.realm;
>> import java.util.logging.Level;
>> import java.util.logging.Logger;
>> import org.apache.shiro.authc.AuthenticationException;
>> import org.apache.shiro.authc.AuthenticationInfo;
>> import org.apache.shiro.authc.AuthenticationToken;
>> import org.apache.shiro.authc.SimpleAccount;
>> import org.apache.shiro.authc.UsernamePasswordToken;
>> import org.apache.shiro.authc.credential.Sha256CredentialsMatcher;
>> import org.apache.shiro.authz.AuthorizationInfo;
>> import org.apache.shiro.realm.AuthorizingRealm;
>> import org.apache.shiro.subject.PrincipalCollection;
>> /**
>>  *
>>  * @author Suhail
>>  */
>> public class TreeRealm extends AuthorizingRealm  {
>>
>>     private static final Logger LOG = Logger.getLogger(TreeRealm.class.getName());
>>
>>     public TreeRealm(){
>>         setCredentialsMatcher(new Sha256CredentialsMatcher());
>>         setCachingEnabled(false);
>>         LOG.log(Level.INFO, "{0} Started", TreeRealm.class.getName());
>>     }
>>     @Override
>>     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection pc) {
>>         throw new UnsupportedOperationException("Not supported yet.");
>>     }
>>     @Override
>>     protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken at) throws AuthenticationException {
>>         UsernamePasswordToken upToken = (UsernamePasswordToken) at;
>>         SimpleAccount account = new SimpleAccount(upToken.getUsername(), upToken.getPassword(), getName());
>>         account.addRole("admin");
>>         account.addRole("user");
>>         account.addStringPermission("/account/*:*");
>>         return account;
>>     }
>> }
>> Thanks for your help again.
>> Cheers
>> su./hail
>> On Sun, Aug 1, 2010 at 9:10 AM, armandoxxx <[email protected]> wrote:
>>>
>>> Some code would be nice !
>>> Kind regards
>>> Armando
>>>
>>> On Sun, Aug 1, 2010 at 4:05 AM, Suhail Manzoor [via Shiro User] <[hidden
>>> email]> wrote:
>>>>
>>>> Hi,
>>>> I have been looking into Shiro to evaluate if it is a candidate for a
>>>> project I am working on. I need to develop a realm which I did from the
>>>> examples. I also need to integrate it with a JSF based application. I did
>>>> the two things along with a login page. I have followed the Shiro web
>>>> example to the letter except for using JSF instead of just jsp. But there
>>>> seems to be a problem. After authenticating, the app doesn't display the
>>>> protected page but keeps displaying the login page. I have been trying to
>>>> figure out what's been happening for a couple of days but to no avail. Could
>>>> anyone please help me? I really like the clean API Shiro has and would like
>>>> to use it going forward.
>>>> Thank you very much
>>>> su./hail
>>>>
>>>
>>>
>>
>>
>
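
The suggestion at the top of this message, as an added example (not code from the thread or from the Shiro project): a realm that supplies roles from doGetAuthorizationInfo() instead of throwing. The class name StaticRolesRealm, the user "demo" and its password are constructed, and the stored credential is assumed to be a SHA-256 hex digest so that the Sha256CredentialsMatcher comparison can succeed.

```java
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.*;
import org.apache.shiro.authc.credential.Sha256CredentialsMatcher;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.crypto.hash.Sha256Hash;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

// Hypothetical realm (not the poster's TreeRealm) with one constructed user, "demo".
public class StaticRolesRealm extends AuthorizingRealm {
    // Constructed sample credential. Sha256CredentialsMatcher hashes the submitted
    // password and compares it with this stored hex digest.
    private static final String STORED_HASH = new Sha256Hash("constructed-password").toHex();

    public StaticRolesRealm() {
        setCredentialsMatcher(new Sha256CredentialsMatcher());
    }

    @Override // Consulted by role and permission checks, so it must return, not throw.
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        if ("demo".equals(principals.getPrimaryPrincipal())) {
            info.addRole("admin");
            info.addRole("user");
        }
        return info; // no roles for anyone else: deny by default
    }

    @Override // Consulted at login; returns the identity plus the stored credentials.
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        String username = ((UsernamePasswordToken) token).getUsername();
        if (!"demo".equals(username)) {
            throw new UnknownAccountException("No account for " + username);
        }
        return new SimpleAuthenticationInfo(username, STORED_HASH, getName());
    }

    public static void main(String[] args) {
        // Exercise the realm outside a servlet container.
        SecurityUtils.setSecurityManager(new DefaultSecurityManager(new StaticRolesRealm()));
        Subject subject = SecurityUtils.getSubject();
        subject.login(new UsernamePasswordToken("demo", "constructed-password"));
        System.out.println("admin=" + subject.hasRole("admin")
                + " b2bClient=" + subject.hasRole("b2bClient"));
    }
}
```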
